bug: Add missing trivy/grype scan to reusable build flavor workflow #3184

Open
Itxaka opened this issue Feb 11, 2025 · 2 comments
Labels: bug (Something isn't working), ci, triage (Add this label to issues that should be triaged and prioritized in the next planning call), unconfirmed

Comments

@Itxaka
Member

Itxaka commented Feb 11, 2025

Currently only the release job has the Trivy/Grype scan.

We should add it to the reusable-build-flavor workflow to scan the created images on each MASTER push, and upload them to the security tab on GitHub so we can track issues.

@Itxaka Itxaka added bug Something isn't working ci triage Add this label to issues that should be triaged and prioritized in the next planning call unconfirmed labels Feb 11, 2025
@Itxaka Itxaka changed the title bug: Add missing trivb/grype scan to reusable build flavor workflow bug: Add missing trivy/grype scan to reusable build flavor workflow Feb 11, 2025
@jimmykarily
Contributor

Let's do it only on master runs because notifying us on every PR and blocking the merge doesn't make sense. We care about CVEs at release time.

@Itxaka
Member Author

Itxaka commented Feb 11, 2025

> Let's do it only on master runs because notifying us on every PR and blocking the merge doesn't make sense. We care about CVEs at release time.

Sorry, I wanted to write that, but it seems like I did NOT. Whoops.
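
Added example, not the project's own workflow and not written by either commenter: a sketch of the scan job discussed in this issue, running only on master pushes and uploading SARIF results to the GitHub security tab. The `image` input, the job name and the assumption that the runner can pull the built image from a registry are hypothetical.

```yaml
# Hypothetical scan job for a reusable (workflow_call) build workflow.
on:
  workflow_call:
    inputs:
      image:   # assumed input: reference of the image built earlier in the workflow
        required: true
        type: string

jobs:
  scan:
    # Run only for pushes to master, never for pull requests.
    if: github.event_name == 'push' && github.ref == 'refs/heads/master'
    runs-on: ubuntu-latest
    permissions:
      contents: read
      security-events: write   # required to upload SARIF to code scanning
    steps:
      - name: Trivy scan
        uses: aquasecurity/trivy-action@master   # pin to a reviewed commit SHA in real use
        with:
          image-ref: ${{ inputs.image }}
          format: sarif
          output: trivy-results.sarif
          exit-code: '0'   # report findings without failing the build
      - name: Upload Trivy results
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: trivy-results.sarif
          category: trivy   # separate category so the two scanners do not overwrite each other
      - name: Grype scan
        id: grype
        uses: anchore/scan-action@v6
        with:
          image: ${{ inputs.image }}
          fail-build: false   # report findings without failing the build
      - name: Upload Grype results
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: ${{ steps.grype.outputs.sarif }}
          category: grype
```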
